[DEFAULT]
debug = {{ cinder_logging_debug }}

log_dir = /var/log/kolla/cinder
{% if service_name == "cinder-api" %}
log_file = cinder-api.log
{% endif %}
use_forwarded_for = true

# Set use_stderr to false or the logs will also be sent to stderr
# and collected by Docker
use_stderr = false

my_ip = {{ api_interface_address }}

volume_name_template = volume-%s

glance_api_servers = {{ glance_internal_endpoint }}

glance_num_retries = {{ groups['glance-api'] | length }}
glance_ca_certificates_file = {{ openstack_cacert }}

{% if service_name == "cinder-volume" and cinder_cluster_name != "" %}
cluster = {{ cinder_cluster_name }}
{% endif %}

{% if cinder_enabled_backends %}
{% if service_name == 'cinder-volume' %}
enabled_backends = {{ cinder_enabled_backends|map(attribute='name')|join(',') }}
{% endif %}
{% endif %}

{% if service_name == "cinder-backup" and enable_cinder_backup | bool %}
{% if cinder_backup_driver == "ceph" %}
backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
backup_ceph_conf = /etc/ceph/{{ cinder_backup_ceph_backend['cluster'] }}.conf
backup_ceph_user = {{ cinder_backup_ceph_backend['user'] }}
backup_ceph_chunk_size = 134217728
backup_ceph_pool = {{ cinder_backup_ceph_backend['pool'] }}
backup_ceph_stripe_unit = 0
backup_ceph_stripe_count = 0
restore_discard_excess_bytes = true
{% elif cinder_backup_driver == "nfs" %}
backup_driver = cinder.backup.drivers.nfs.NFSBackupDriver
backup_mount_options = {{ cinder_backup_mount_options_nfs }}
backup_mount_point_base = /var/lib/cinder/backup
backup_share = {{ cinder_backup_share }}
backup_file_size = 327680000
{% elif cinder_backup_driver == "s3" %}
backup_driver = cinder.backup.drivers.s3.S3BackupDriver
backup_s3_endpoint_url = {{ cinder_backup_s3_url }}
backup_s3_store_bucket = {{ cinder_backup_s3_bucket }}
backup_s3_store_access_key = {{ cinder_backup_s3_access_key }}
backup_s3_store_secret_key = {{ cinder_backup_s3_secret_key }}
{% endif %}
{% endif %}

api_paste_config = /etc/cinder/api-paste.ini

auth_strategy = keystone

transport_url = {{ rpc_transport_url }}

[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if cinder_enabled_notification_topics %}
driver = messagingv2
topics = {{ cinder_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}

[oslo_messaging_rabbit]
use_queue_manager = true
{% if service_name == 'cinder-api' %}
processname = {{ service_name }}
{% endif %}
heartbeat_in_pthread = {{ service_name == 'cinder-api' }}
{% if om_enable_rabbitmq_tls | bool %}
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
rabbit_quorum_queue = true
{% if om_enable_rabbitmq_stream_fanout | bool %}
rabbit_stream_fanout = true
rabbit_qos_prefetch_count = {{ om_rabbitmq_qos_prefetch_count }}
{% endif %}
rabbit_transient_quorum_queue = true

[oslo_middleware]
enable_proxy_headers_parsing = true

{% if cinder_policy_file is defined %}
[oslo_policy]
policy_file = {{ cinder_policy_file }}
{% endif %}

[nova]
interface = internal
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
region_name = {{ openstack_region_name }}
project_name = service
username = {{ nova_keystone_user }}
password = {{ nova_keystone_password }}
cafile = {{ openstack_cacert }}

[database]
connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
max_retries = -1

[keystone_authtoken]
service_type = volume
# security fix, always validate service tokens
# see: https://security.openstack.org/ossa/OSSA-2023-003.html
# and: https://docs.openstack.org/cinder/zed/configuration/block-storage/service-token.html#troubleshooting
service_token_roles_required = true
www_authenticate_uri = {{ keystone_public_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ cinder_keystone_user }}
password = {{ cinder_keystone_password }}
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}

memcache_security_strategy = {{ memcache_security_strategy }}
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}


[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

{% if enable_cinder_backend_lvm | bool %}
[{{ cinder_backend_lvm_name }}]
volume_group = {{ cinder_volume_group }}
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_backend_name = {{ cinder_backend_lvm_name }}
target_helper = {{ cinder_target_helper }}
target_protocol = iscsi
{% endif %}

{% if cinder_backend_ceph | bool %}
{% if service_name == 'cinder-volume' %}
{% for backend in cinder_ceph_backends %}
[{{ backend.name }}]
volume_driver = cinder.volume.drivers.rbd.RBDDriver
volume_backend_name = {{ backend.backend_name | default(backend.name) }}
rbd_pool = {{ backend.pool }}
rbd_ceph_conf = /etc/ceph/{{ backend.cluster }}.conf
rados_connect_timeout = 5
rbd_user = {{ backend.user }}
rbd_cluster_name = {{ backend.cluster }}
rbd_keyring_conf = /etc/ceph/{{ backend.cluster }}.client.{{ backend.user }}.keyring
rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
report_discard_supported = true
{% if backend.availability_zone is defined %}
backend_availability_zone = {{ backend.availability_zone }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

{% if enable_cinder_backend_nfs | bool %}
[{{ cinder_backend_nfs_name }}]
volume_driver = cinder.volume.drivers.nfs.NfsDriver
volume_backend_name = {{ cinder_backend_nfs_name }}
nfs_shares_config = /etc/cinder/nfs_shares
nfs_snapshot_support = true
nas_secure_file_permissions = false
nas_secure_file_operations = false
{% endif %}

{% if cinder_backend_vmwarevc_vmdk | bool %}
[{{ cinder_backend_vmwarevc_vmdk_name }}]
volume_driver = cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver
vmware_host_ip = {{ vmware_vcenter_host_ip }}
vmware_host_username = {{ vmware_vcenter_host_username }}
vmware_host_password = {{ vmware_vcenter_host_password }}
vmware_cluster_name = {{ vmware_vcenter_cluster_name }}
vmware_insecure = true
{% endif %}

{% if cinder_backend_vmware_vstorage_object | bool %}
[{{ cinder_backend_vmware_vstorage_object_name }}]
volume_driver = cinder.volume.drivers.vmware.fcd.VMwareVStorageObjectDriver
vmware_host_ip = {{ vmware_vcenter_host_ip }}
vmware_host_username = {{ vmware_vcenter_host_username }}
vmware_host_password = {{ vmware_vcenter_host_password }}
vmware_cluster_name = {{ vmware_vcenter_cluster_name }}
vmware_insecure = true
{% endif %}

{% if enable_cinder_backend_quobyte | bool %}
[{{ cinder_backend_quobyte_name }}]
volume_driver = cinder.volume.drivers.quobyte.QuobyteDriver
quobyte_volume_url = quobyte://{{ quobyte_storage_host }}/{{ quobyte_storage_volume }}
{% endif %}

{% if enable_cinder_backend_pure_iscsi | bool %}
[{{ cinder_backend_pure_iscsi_name }}]
volume_backend_name = {{ pure_iscsi_backend }}
volume_driver = cinder.volume.drivers.pure.PureISCSIDriver
san_ip = {{ pure_san_ip }}
pure_api_token = {{ pure_api_token }}
{% endif %}

{% if enable_cinder_backend_pure_fc | bool %}
[{{ cinder_backend_pure_fc_name }}]
volume_backend_name = {{ pure_fc_backend }}
volume_driver = cinder.volume.drivers.pure.PureFCDriver
san_ip = {{ pure_san_ip }}
pure_api_token = {{ pure_api_token }}
{% endif %}

{% if enable_cinder_backend_pure_nvme_tcp | bool %}
[{{ cinder_backend_pure_nvme_tcp_name }}]
volume_backend_name = {{ pure_nvme_tcp_backend }}
volume_driver = cinder.volume.drivers.pure.PureNVMEDriver
pure_nvme_transport = tcp
san_ip = {{ pure_san_ip }}
pure_api_token = {{ pure_api_token }}
{% endif %}

{% if enable_cinder_backend_pure_roce | bool %}
[{{ cinder_backend_pure_roce_name }}]
volume_backend_name = {{ pure_roce_backend }}
volume_driver = cinder.volume.drivers.pure.PureNVMEDriver
san_ip = {{ pure_san_ip }}
pure_api_token = {{ pure_api_token }}
{% endif %}

{% if enable_cinder_backend_lightbits | bool %}
[{{ cinder_backend_lightbits_name }}]
volume_driver = cinder.volume.drivers.lightos.LightOSVolumeDriver
volume_backend_name = {{ lightbits_nvme_tcp_backend_name }}
lightos_api_address = {{ lightbits_target_ips }}
lightos_api_port = {{ lightbits_api_port }}
lightos_default_num_replicas = {{ lightbits_default_num_replicas }}
lightos_skip_ssl_verify = {{ lightbits_skip_ssl_verify }}
lightos_jwt = {{ lightbits_JWT }}
{% endif %}

[privsep_entrypoint]
helper_command=sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf

{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}

{% if enable_barbican | bool %}
[barbican]
auth_endpoint = {{ keystone_internal_url }}
barbican_endpoint_type = internal
verify_ssl_path = {{ openstack_cacert }}
{% endif %}

[coordination]
{% if cinder_coordination_backend == 'redis' %}
backend_url = {{ redis_connection_string }}
{% elif cinder_coordination_backend == 'etcd' %}
# NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
# see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
# and https://review.opendev.org/466098 for details
# NOTE(jan.gutter): etcd v3.4 removed the default `v3alpha` api_version. Until
# tooz defaults to a newer version, we should explicitly specify `v3`
backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}?api_version=v3{% if openstack_cacert %}&ca_cert={{ openstack_cacert }}{% endif %}
{% endif %}
